Secure Sockets Layer (SSL) security is enabled and disabled by using Internet Service Manager. SSL is a protocol submitted to the W3C working group on security for consideration as a standard security approach for World Wide Web clients and servers on the Internet. SSL provides a security handshake that is used to initiate the TCP/IP connection. This handshake results in the client and server agreeing on the level of security that they will use, and it fulfills any authentication requirements for the connection. From then on, SSL's only role is to encrypt and decrypt the information that is being passed between the client and server via the Internet. To enable SSL security on a Microsoft Internet information server, follow these steps: Generate a key pair file and a request file. Request a certificate from a certification authority. Currently, the only known certification authority is Verisign, which is located at http://www.verisign.com. Install the certificate on your server. Activate SSL security on a World Wide Web service directory. Keep in these important points when you enable SSL security: You can enable SSL security on the root of your Web home directory, which by default is \WWWROOT, or on one or more virtual directories. After you enable and properly configure SSl security, only SSL-enabled clients can communicate with the SSL-enabled Web directories. URLs that point to documents on an SSL-enabled Web directory must use https:// instead of http://. Links that use http:// in the URL do not work on a secure directory. Using SSL is not the same as validation. It just ensures that when you send something via the Internet, nobody can eavesdrop on the information being passed back and forth. It does not guarantee that the information being passed is authentic, especially in the case of credit card numbers. Transactions that provide for the transfer of money between a client and a server and are currently in the final stages of development.